Definition of “constitutionally-meaningful levels of IT service trustworthiness”

(suggest edits are very welcome)

“Constitutionally-meaningfullevels of IT service trustworthiness”: Describes levels of confidentiality, authenticity, integrity and non-repudiation of a given end-2-end IT service (or experience) that are sufficiently high to render its use – under ordinary user scenarios – rationally compatible with the full and effective Internet-connected exercise of its user’s core civil rights, except for voting in governmental elections. In more concrete terms, it defines an IT service that warrants extremely well-placed confidence that an extremely-skilled attacker – willing to perform continuous or pervasive comprimization – would incur costs and risks that exceeed the following: (1) for comprimization of a single user, the tens of thousands of euros, and a significant discoverability, such as those associated with enacting such level of abuse through on-site, proximity-based user surveillance, or non-scalable remote endpoint techniques, such as NSA TAO; (2) for the comprimization of the supply chain or lifecycle, the tens of millions of euros, and significant discoverability (albeit with unlikely actual liability), that are typically sustained by well-financend advanced public and private actors, for high-value supply chains, through legal and illegal subversions of all kinds, including economic pressures.”

Definition of other common IT Security terms

(suggest edits are very welcome)

“Vulnerability”: A weakness in the software, hardware or human process involved in parts of a complete computing experience or service, for which there exist exploitation means (information, techniques, software and/or hardware), which can be used by an attacker to impede expected actions and/or enact unexpected actions.

“Asymmetric Vulnerability”: A critical vulnerability whose exploitation means are available only to a define set of entities. They may rely on the additional need of user or compenents keys (such as CPU firmware updates), or dedicated hardware such as the famous ENIGMA machine.

Critical IT Service Component. An hardware, software (or firmware) or human process involved in the service, whereas a critical vulnerability can NOT be protected against – at the highest-levels of assurance – through proven OS, SoC and/or CPU level isolation/compartmentation techniques, and other techniques.

Critical Vulnerability: A vulnerability is critical when it enable the attacker to reliably, remotely and undetectably reduce a user’s information assurance in a pervasive, continuous and undetectable way.

Assurance or Trustworthiness: the level of confidence that an informed and competent IT security expert can rationally hold that a computing service or experience, or one of its components, will perform the expected actions and will not perform unexpected ones.

Scalable Critical Vulnerability: A critical vulnerability that enables an attacker to perform continuous or pevasive surveillance for less than tens or hundred of thousands of $ per year, and with a significant risk of discovery, with difficult plausible deniability.

Key Management: The activities involving the handling of cryptographic keys and related metadata during their entire life cycle from generation to destruction.

Critical Zero Day: a symmetrical critical vulnerability in a software or hardware component, become a zero day from the day it become publicly known until a patch is developed that enables user to remove that vulnerability through a software update.

Back-door (System): A critical vulnerability which is known at any given time to one or more entities of any kind – including its creators – through direct engineering subversion, acquisition or discovery, whose existence and/or its exploitation details are kept hidden to most or all end-users. As opposed to key-recovery usually the same information allows access to all users of a given IT system. Examples: Any publicly-undisclosed remote critical zero-day vulnerability.

Key-Recovery (Service): aservice by which a copy of selected keys needed to decrypt encrypted data or communications of a given user is legally held at all times in custody by a custodian entity so that, under certain legal or legal/contractual circumstances, a requesting entity may gain access to those keys. Such custodian entity may be any entity chosen by the user, by the user’s employer or be a state agency mandated by law, such as:the employer of the user, the service provider, law enforcement agency, the user himself or an heir of the user. Examples: It is typically part of any enteprise or governmental agency internal IT system, to enable continuity of access to company data and other functions.

Key Escrow (Service): a kind of key-recovery servicein which the custodian entity is not your employer, but some other third party entity.

State-mandated back-door: a back-door known and sanctioned by the state or a state agency. Its existence may or may not be publicly notified to users. Knowledge of its full details are supposedly accessible only to one state agencies, or only to a joint minimum of different state agencies – through “secret sharing” or “threshold secret” technical, socio-technical or organizational schemes. Their specific legal mandate, its certification requirements and/or the practical implementations may be legal, illegal or legal but unconstitutional. Examples: Nationally-mandated telephone interception systems,

Asymmetric back-Door. A back-door whose means of exploitation are intended or expected to be exploitable only to entities that necessarily have access to a given key, information, techniques or hardware appliance.

State-mandated Lawful Access Systems: a key recovery arrangement, and possibly data, such as mandatory lawful interception systems for telephone operators, which include detailed technical and organizational requirements for the requesting agency and for the service provider, standardized and certified by national and international bodies.

NIST Official Glossary Definition Official definition from NIST (pdf):

Key Management: The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and zeroization.

Key Escrow. A deposit of the private key of a subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more agents to hold the subscriber’s private key for the benefit of the subscriber, an employer, or other party, upon provisions set forth in the agreement.

Backdoor: An undocumented way of gaining access to a computer system. A backdoor is a potential security risk.

Software Assurance: Level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner.